I have seen some examples in "Foundation of cryptography" and "Efficient two party computation", in which simulator can do some things that in the real world model the parties cannot do, for instance:
...

Please, consider two honest parties $A$ and $B$ outsourced their private data to a malicious server $S$. So the parties store their data in the server. Then at a later point in time they want to ask ...

Definition 1 on Page 7 of “An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation” by Camenisch and Lysyanskaya, uses the term “simulator” in defining the ...

I am aware that,(in theory) in order to proof that a scheme is secure using simulation based proof we replace an adversary in real world with a simulator in ideal world. Then we try to show that their ...

There are many schemes that can advertise themselves with certain security notions, usually IND-CPA or IND-CCA2, for example plain ElGamal has IND-CPA security but doesn't provide IND-CCA security.
...

Let $\mathsf{Exp}_{A,\Pi}(\lambda)$ be some indistinguishability experiment that finally outputs 1 if A outputs $b'$ that satisfies $b' = b$, otherwise 0. Then the textbooks often define the security ...

Is $\frac{1}{n!}$ a negligible function where $n$ is a security parameter?
Application: I have a vector of n>100 elements. I permute it and give it to an adversary. The adversary can break it if it ...

I need to know in an outsourced two party computation where honst $A$ and $B$ outsource their private and secure data to a malicious server, why we need to design a simulator that interacts with an ...

Imagine there is a protocol supporting outosurced multi party computation. There are three parties involved in the protocol: client $A$, client $B$ and a server. Client $A$ and $B$ send their private ...

Consider we have two vectors $v_1, v_2$ of size $n$, and each vector contains $n$ elements. We permute the vectors as: $\pi (k_1,v_1), \pi (k_2,v_2)$. Where $\pi (k_i,v)$ denotes a permutation of a ...

Problem: I have a small sized domain, say s-bit. It's clear that the probability for an adversary to guess an element is $ \frac{1}{2^s}$. I need to make the probability negligible. However, I need to ...

I just stumbled across a Stack Overflow post which points out that the libmcrypt library (notably used in PHP) implements a somewhat unusual set of block cipher modes: it calls the usual CFB and OFB ...

I'm trying to understand PPT and in particular what the differences are in uniform and non-uniform PPT's. First, this is how I see it:
A Probabilistic Polynomial-Time algorithm A is an algorithm that ...

A modern trend in cryptography consists of defining security as rigorously as possible, and then designing schemes which are secure according to those definitions. Proving security comes in the form ...

We know that the one-time pad is provably secure as a cipher to encrypt some data. Is there an algorithm which does the same just as a hash function? Can we get a provably secure hash function? Maybe ...

where $g$ is a group element in bilinear group $\mathbb{G}$. I understand it is very similar to the conventional DBDH problem, but $g^{1/b}$ is also known, possibly making it easier? Does anyone know ...

In the Bernstein et al. paper about EdDSA, the authors claim EdDSA is resilient against collisions (i.e. it can still be secure even if the hash function used isn't collision-resistant), drawing on a ...

Let suppose that we have to check a message that was written one second ago. The message is discarded immediately after having being checked. What "minimal" size for such a MAC is secure ?
Thank you.
...

Do you mind if you give me any hints, links or ideas about how to improve the security of double regular encryption and decryption, by using CPA game and CCA game, it sounds interesting question, and ...

We define the polynomials $r, f_1,f_2,s \in R[x]$. Where $r$ is a random degree 1 polynomial and $s$ is a random polynomial such that: $degree(s)=degree(f_1)=degree(f_2)$, let $R$ be $\mathbb{Z}_p$ ...